07-18-2007 03:36 AM - edited 03-11-2019 03:45 AM
I have a scenario where there are users on two sites with their own internet connectivity. Recently one of the ISPs had a significant outage, and therefore the users lost access.
Is there any way to detect such an outage, and re-route traffic through a WAN link to make use of the alternative internet connection on another site?
The two internet connections are via different service providers, and have PA addresses. I am not and can not run BGP. There are no incoming services with these links; they are purely used for user access to the internet.
I have attached a simplified diagram, which may assist the explanation.
07-18-2007 03:50 AM
One option can be to implement Optimized Edge Routing. It can detect outages and reroute traffic.
The clients on the local LAN should have the router as a default gateway, that can reroute traffic over the WAN link when there is a problem.
http://www.cisco.com/en/US/products/ps6628/products_ios_protocol_option_home.html
07-18-2007 04:45 AM
From what I can find on the web, I don't think OER is supported on Cisco PIX firewalls.
Thanks anyway.
07-18-2007 04:26 AM
Hi
I feel you can run routing protocol between the locations which can redistribute the default route to the neighbor which can be considered as a secondary route when compared to static pointing via the respective ISP.
Also once the ISP goes off you have the valid secondary route learned via the other location which can be used to go out and reach the external world.
But this is effective when you can do some kind of NATting on both the routers so that you can make use of your local IP pools, which will be convenient while having an internal routing protocol between your locations.
Regards
07-18-2007 04:40 AM
I assume we're talking about firewalls here? Take a look at PIX/ASA 7.x Dual ISP.
07-18-2007 04:53 AM
Yes, Cisco PIX devices, the provided link looks good, but the example has two internet links to the same firewall/site. I'll read around the subject to see if there is a way to do what I want.
07-18-2007 05:00 AM
Mark, yes in that example both links are connected to the firewall. What is the site to site link connected to? Is there an inside router? If so you could run Static Routing Backup with Object Tracking.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html
This is essentially what Dual ISP is on the PIX/ASA.
07-18-2007 05:13 AM
The site link is a 100 Mbps Ethernet. At the moment inter-site routing is actually performed by the firewall. I am intending to change that to either a Layer 3 switch or a router, depending upon requirements for the solution.
07-18-2007 05:16 AM
So both WAN links are connected to the firewall, right? Meaning you could route to the site-to-site router using the Dual ISP feature of the PIX.
07-18-2007 05:01 AM
I understand I would need to implement some form of dynamic routing. The issue as I see it is to inform the router when the link goes down, as the firewall itself has not failed.
As for the natting, that shouldn't be an issue, I would just NAT all inside addresses to the outside interface of the firewall.
07-18-2007 05:11 AM
"I understand I would need to implement some form of dynamic routing."
-Dynamic routing is not needed in the link I posted.
"The issue as I see it is to inform the router when the link goes down, as the firewall itself has not failed."
-The IP SLA process will ping a specified host; when the ping fails the track will go down. This is how the router is notified.
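The tracked static route described in the reply above, sketched as IOS configuration for an inside router at one site. This is an added example, not configuration from any poster in this thread; every address and timer value is a placeholder, and the `ip sla` / `track ... ip sla` keywords are the newer IOS spelling (older releases use `ip sla monitor` or `rtr`, and `track ... rtr`).

```ios
! Added example. All addresses are placeholders (assumptions):
!   10.1.0.1       local PIX inside interface (primary path to the internet)
!   10.255.0.2     remote-site router across the site-to-site link (backup)
!   198.51.100.10  a stable internet host used as the probe target
!
! Pin the probe target to the primary path, so the probe keeps testing the
! local ISP after failover instead of succeeding through the backup path
! and flapping the route.
ip route 198.51.100.10 255.255.255.255 10.1.0.1
!
! Probe: ICMP echo every 10 seconds, timeout left at its default.
ip sla 1
 icmp-echo 198.51.100.10
 frequency 10
ip sla schedule 1 life forever start-time now
!
! The track object follows probe reachability; the delays damp flapping
! on a marginal link.
track 1 ip sla 1 reachability
 delay down 15 up 60
!
! Primary default route is installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 10.1.0.1 track 1
! Floating static default via the other site (administrative distance 250)
! takes over when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.255.0.2 250
```

This assumes the local firewall permits the echo request out and the reply back in, and that the remote-site firewall NATs this site's inside addresses. `show track 1` and `show ip sla statistics 1` show the current state of the track object and the probe.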
07-18-2007 05:57 AM
Sorry, I got mixed up with replies.
The diagram I posted is simplified, as there are a number of VLANs on each site, currently routed through the firewall. This is causing a number of management issues, therefore moving the routing onto a Layer 3 switch or similar is in the plan.
The Object Tracking solution looks promising. Do you know if it is supported on 3560/3750 devices?
07-18-2007 06:00 AM
3560 I know for sure it is not, as I also wanted to run it on there. Object tracking is supported on Cisco 3750 starting with 12.2SE. Why not just put the site-to-site router off of the PIX?